CN112801663B

CN112801663B - Blockchain certification method, device, system, equipment and medium

Info

Publication number: CN112801663B
Application number: CN202110162452.XA
Authority: CN
Inventors: 张扬; 李鑫; 吴飞鹏
Original assignee: Beijing Peersafe Technology Co ltd
Current assignee: Beijing Peersafe Technology Co ltd
Priority date: 2021-02-05
Filing date: 2021-02-05
Publication date: 2024-03-19
Anticipated expiration: 2041-02-05
Also published as: CN112801663A

Abstract

The application discloses a blockchain certification method, a device, a system, equipment and a medium, wherein the method comprises the following steps: sending an electronic data signing request to a second client, wherein the electronic data signing request comprises first electronic data; receiving first signature information which is sent by a second client and corresponds to the hash value of the first electronic data; verifying the first signature information by adopting a preset first public key; when the verification is passed, a zero knowledge proof algorithm is adopted to generate a proof file; and sending the certificate and the hash value of the first electronic data to the blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on the intelligent contract. According to the technical scheme, a third party evidence storage system is not needed, the hash value of the first electronic data can be stored on the blockchain system based on the zero knowledge proof algorithm, the identity privacy of the two parties is prevented from being exposed, and the safety of the first electronic data storage is improved.

Description

Blockchain certification method, device, system, equipment and medium

Technical Field

The present invention relates generally to the field of blockchain technologies, and in particular, to a blockchain certification method, device, system, apparatus, and medium.

Background

With the rapid development of informatization technology, more and more electronic data are generated. Sensitive information such as personal privacy or business confidentiality, for example, a contract, which is a legal agreement signed by the two parties of the transaction after the cooperation relationship is determined, is an indispensable part of business activities, can be involved in the electronic data. The direct preservation of the contract by both parties of the transaction can be at risk of being counterfeited or tampered, which results in difficulty in authentication, and therefore, the need to effectively preserve the equivalent electronic data is particularly important.

At present, electronic data such as a contract can be directly stored in a third party evidence storage system in the related technology, but the method can leak identity privacy or secret-related information of both sides of the contract, so that serious loss is caused to benefits of both sides of the contract, and particularly, some electronic evidences related to business confidentiality of business information are led to lower storage security of the electronic data such as the contract.

Disclosure of Invention

In view of the foregoing deficiencies or inadequacies of the prior art, it is desirable to provide a blockchain certification method, apparatus, system, device and medium.

In a first aspect, the present application provides a blockchain certification method, the method comprising:

Sending an electronic data signing request to a second client, wherein the electronic data signing request comprises first electronic data;

receiving first signature information which is sent by a second client and corresponds to the hash value of the first electronic data;

verifying the first signature information by adopting a preset first public key;

when the verification is passed, a zero knowledge proof algorithm is adopted to generate a proof file;

the certificate and the hash value of the first electronic data are sent to the blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on the intelligent contract.

In a second aspect, the present application provides a blockchain certification method, the method comprising:

receiving and responding to an electronic data signing request sent by a first client, and acquiring second electronic data and second signature information, wherein the second electronic data comprises first electronic data, and the second signature information is obtained by signing a hash value of the first electronic data by the first client;

verifying the second signature information by adopting a preset second public key;

and when the verification is passed, sending first signature information to the first client, wherein the first signature information is obtained by signing the hash value of the first electronic data by the second client.

In a third aspect, the present application provides a blockchain certification method, the method comprising:

receiving a certification file and a hash value of first electronic data sent by a first client;

and verifying the correctness of the certificate based on the intelligent contract, and storing the hash value of the first electronic data when the correctness of the certificate is verified.

In a fourth aspect, the present application provides a blockchain certification device, the device comprising:

the first sending module is used for sending an electronic data signing request to the second client, wherein the electronic data signing request comprises first electronic data;

the receiving module is used for receiving first signature information which is sent by the second client and corresponds to the hash value of the first electronic data;

the verification module is used for verifying the first signature information by adopting a preset first public key;

the generation module is used for generating a certification file by adopting a zero knowledge certification algorithm when the verification is passed;

and the second sending module is used for sending the certificate and the hash value of the first electronic data to the blockchain system so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on the intelligent contract.

In a fifth aspect, the present application provides a blockchain certification device, the device comprising:

The receiving module is used for receiving and responding to the electronic data signing request sent by the first client to obtain second electronic data and second signature information, wherein the second electronic data comprises the first electronic data, and the second signature information is obtained by signing the hash value of the first electronic data by the first client;

the verification module is used for verifying the second signature information by adopting a preset second public key;

and the sending module is used for sending first signature information and a first public key to the first client when the verification passes, wherein the first signature information is obtained by signing the hash value of the first electronic data by the second client.

In a sixth aspect, embodiments of the present application provide a blockchain certification device, the device including:

the receiving module is used for receiving the certificate file sent by the first client and the hash value of the first electronic data;

and the storage module is used for verifying the correctness of the certificate based on the intelligent contract and storing the hash value of the first electronic data when the certificate is verified to be correct.

In a seventh aspect, an embodiment of the present application provides a blockchain certification system, where the system includes a first client, a second client, and a blockchain system, where the first client communicates with the second client and the blockchain system, respectively, and the second client communicates with the blockchain system;

The first client is used for sending an electronic data signing request to the second client, receiving first signature information corresponding to the hash value of the first electronic data sent by the second client, and verifying the first signature information by adopting a preset first public key; when verification is passed, a zero knowledge proof algorithm is adopted to generate a proof file, and the proof file and a hash value of the first electronic data are sent to a block chain system;

the second client is used for receiving and responding to the electronic data signing request sent by the first client, acquiring second electronic data and second signature information, and verifying the second signature information based on a preset second public key; when the verification is passed, the first signature information and the first public key are sent to the first client;

the blockchain system is used for receiving the certification file sent by the first client and the hash value of the first electronic data; and verifying the correctness of the certificate based on the intelligent contract, and storing the hash value of the first electronic data when the correctness of the certificate is verified.

In an eighth aspect, embodiments of the present application provide a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the method of the first aspect or the method of the second aspect or the method of the third aspect when the processor executes the computer program.

In a ninth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program for implementing the method of the first aspect or the method of the second aspect or the method of the third aspect described above when executed by a processor.

In summary, according to the blockchain certification method, device, system, equipment and medium provided by the application, a first client sends an electronic data signing request including first electronic data to a second client, receives first signature information corresponding to a hash value of the first electronic data sent by the second client, verifies the first signature information by adopting a preset first public key, generates a certification file by adopting a zero knowledge certification algorithm when the verification is passed, and sends the certification file and the hash value of the first electronic data to a blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certification file is correct based on an intelligent contract. According to the scheme, a third party evidence storage system is not needed, safe and reliable storage of the hash value of the first electronic data on the blockchain system can be realized based on a zero knowledge proof algorithm, so that the validity of the first electronic data is effectively verified when business disputes are generated, the identity privacy of the two parties is prevented from being exposed, and the safety of the first electronic data storage is improved.

Drawings

Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings, in which:

FIG. 1 is a schematic diagram of a blockchain certification system according to an embodiment of the present disclosure;

FIG. 2 is a schematic diagram illustrating an internal structure of a blockchain certification system provided in an embodiment of the present application;

FIG. 3 is a flowchart illustrating a blockchain certification method according to an embodiment of the present disclosure;

FIG. 4 is a flowchart illustrating a blockchain certification method according to an embodiment of the present disclosure;

FIG. 5 is a flowchart illustrating a blockchain certification method provided in an embodiment of the present application;

FIG. 6 is a flowchart illustrating a blockchain certification method provided in an embodiment of the present application;

FIG. 7 is a flowchart illustrating a blockchain certification method according to an embodiment of the present disclosure;

FIG. 8 is a flowchart illustrating a blockchain certification method provided in an embodiment of the present application;

FIG. 9 is a schematic structural diagram of a blockchain certification device according to an embodiment of the present disclosure;

FIG. 10 is a schematic structural diagram of a blockchain certification device according to an embodiment of the present disclosure;

FIG. 11 is a schematic structural diagram of a blockchain certification device according to an embodiment of the present disclosure;

fig. 12 is a schematic structural diagram of a computer system according to an embodiment of the present application.

Detailed Description

The present application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the invention are shown in the drawings.

It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.

It can be appreciated that electronic data such as contracts are important as legal agreements that are signed after the parties determine the cooperative relationship, because they involve sensitive information such as personal privacy or business confidentiality, and the need to effectively preserve the sensitive information is important. At present, the contract can be directly stored in a third party certificate storage system, but the related method can leak the identity privacy and secret information of both sides of the contract, and serious loss is caused to the benefits of the two sides of the contract, so that the storage security of the electronic data of the same party is lower.

Based on the defects, the application provides the blockchain certification method, compared with the prior art, the method does not need to pass through a third party certification system, and safe and reliable storage of the first electronic data on the blockchain system can be realized based on a zero knowledge certification algorithm, so that the validity of the first electronic data is effectively verified when business disputes are generated, identity privacy of two parties is prevented from being exposed, and the safety of the first electronic data storage is improved.

Fig. 1 is a schematic structural diagram of a blockchain certification system provided in an embodiment of the present application, as shown in fig. 1, the system includes a first client 10, a second client 20, and a blockchain system 30, where the first client 10 communicates with the second client 20 and the blockchain system 30, and the second client 20 communicates with the blockchain system 30.

Wherein the first client 10 may be a client used by a data initiator and the second client 20 may be a client used by a data contractor, the data may be a contract, for example. The first client or the second client may be running on an electronic device, which may be a notebook computer, a tablet computer, a desktop computer, a smart phone, etc.

The first client 10 is configured to send an electronic data signing request to the second client 20, receive first signature information corresponding to a hash value of first electronic data sent by the second client 20, and verify the first signature information by using a preset first public key; when verification passes, a zero knowledge proof algorithm is used to generate a proof file and the hash value of the proof file and the first electronic data is sent to the blockchain system 30.

The second client 20 is configured to receive and respond to the electronic data subscription request sent by the first client 10, obtain second electronic data and second signature information, and verify the second signature information based on a preset second public key; when the verification is passed, the first signature information is transmitted to the first client 10.

The blockchain system 30 is configured to receive the certificate and the hash value of the first electronic data sent by the first client 10, verify the correctness of the certificate based on the smart contract, and store the hash value of the first electronic data when the certificate is verified to be correct.

Fig. 2 shows a logic framework of each service module and main sub-functional modules included in each module applied to the method, and referring to fig. 2, the configuration file mainly includes a user interaction service, a blockchain service, a zero knowledge proof service, a messaging service, a data storage service and an API interface service.

The user interaction service mainly provides an off-link UI interaction service and DB interaction for users, and the UI interaction service can include but is not limited to data sending, data receiving, request signing and the like. The user interaction service may be associated with a data storage service through which interaction data generated by the user interaction is stored.

The intelligent contract management service mainly provides Shield, verifier and other dynamic contracts for the uplink of the first electronic data provided by the first client, is deployed on the chain during the system initialization running, and is invoked when the first client needs to perform data uplink. The first client does not have the right to modify the contract content, and the intelligent contracts are managed and built as part of the deployment process, requiring special customization according to the situation.

The zero knowledge proof service is mainly used to generate proof of being verifiable on a chain. Such services include, but are not limited to, compiling circuitry (zkstark Circuits), generating proof and verifiers to verify data validity, and the like.

Messaging services are primarily messaging using Whisper processing, which also includes an application for creating an identity and a pub/sub wrapper for handling messaging.

The data storage service is mainly for providing a user with different DB components for managing data across storage instances (Mongo DB) and cache instances (dis DB).

API interface service: the microservice coordinates the management of all application services mainly through the configuration file Config Files configuration.

For ease of understanding and description, the blockchain certification method, apparatus, device, and medium provided by embodiments of the present application are described in detail below with reference to fig. 3 to 12.

Fig. 3 is a flowchart of a blockchain certification method provided in an embodiment of the present application, where the method is applied to a first client, as shown in fig. 3, and the method includes:

step S101, an electronic data signing request is sent to a second client, where the electronic data signing request includes first electronic data.

Step S102, first signature information corresponding to the hash value of the first electronic data, which is sent by the second client side, is received.

Step S103, verifying the first signature information by adopting a preset first public key.

And step S104, when the verification is passed, generating a certification file by adopting a zero knowledge certification algorithm.

Step S105, sending the certificate and the hash value of the first electronic data to the blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on the intelligent contract.

Specifically, when the first client needs to perform signing service of electronic data with the second client, a first public key and a second public key may be specified in advance between the first client and the second client, where the first public key is used to verify first signature information corresponding to a hash value of the first electronic data by the second client, the second public key is used to verify second signature information corresponding to a hash value of the first electronic data by the first client, then the first client may first create the second electronic data and store the second electronic data in the first database, then determine the first electronic data from the second electronic data, determine the hash value of the first electronic data by adopting a hash algorithm, and sign the hash value of the first electronic data by adopting the second private key and the first electronic signature to obtain the second signature information. Alternatively, the first electronic data may be more important data in the second electronic data.

It should be noted that, the hash value is generally represented by a string composed of short random letters and numbers, and is a set of "data fingerprints" obtained by hashing any length of input information, which is also referred to as digest value, and is represented in binary form by a bottom machine code of a computer, where a hash function can be used to transform the input first electronic data with any length into output data with a fixed length, where the output data is obtained by using the hash function to obtain the digest value corresponding to the first electronic data, where the hash function can make the accessing process of a data sequence more rapid and efficient, and the data elements will be located more rapidly by using the hash function. Alternatively, the usual hash functions may be: direct addressing, digital analysis, square centering, random number, etc. The resulting digest value has a digest length of 256 bits, which is 32 bytes in total.

The first client may be a contract initiator, the second client may be a contract contractor, the second electronic data may be a contract, the first electronic data may be confidential data in the contract, and the first database may be a private database corresponding to the contract initiator.

After signing the hash value of the first electronic data to obtain second signature information, the first client can send an electronic data signing request to the second client through a secure transmission channel, wherein the electronic data signing request comprises second signature information which can comprise the second electronic data and the hash value of the first electronic data, and signs the hash value of the first electronic data, so that the second client responds to the electronic data signing request after receiving the electronic data signing request, stores the second electronic data in a second database, and performs verification operation on the second signature information through a preset second public key so as to verify the validity of the signature of the first client. The second database may be, for example, a private database corresponding to the contractual party.

It should be noted that the first client may store the second electronic data into the first database through the local database storage system, so as to ensure safe and reliable storage and access of the data, and not leak data to any client except the first client.

When the second client verifies the second signature information, a first private key is adopted to sign the hash value of the first electronic data to obtain first signature information, the first signature information is sent to the first client, the first client verifies the first signature information by adopting a preset first public key, when the verification passes, a zero knowledge proof algorithm is adopted to generate a proof file, the proof file and the hash value of the first electronic data are sent to a blockchain system, the blockchain system verifies the correctness of the proof file based on an intelligent contract, and the hash value of the first electronic data is stored after the proof file is verified to be correct.

According to the blockchain certification method, the first client sends the electronic data signing request comprising the first electronic data to the second client, receives the first signature information which is sent by the second client and corresponds to the hash value of the first electronic data, verifies the first signature information by adopting the preset first public key, generates the certification file by adopting the zero knowledge certification algorithm when the verification passes, and sends the certification file and the hash value of the first electronic data to the blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certification file is correct based on the intelligent contract. According to the scheme, a third party evidence storage system is not needed, safe and reliable storage of the hash value of the first electronic data on the blockchain system can be realized based on a zero knowledge proof algorithm, so that the validity of the first electronic data is effectively verified when business disputes are generated, the identity privacy of the two parties is prevented from being exposed, and the safety of the first electronic data storage is improved.

Optionally, on the basis of the foregoing embodiment, fig. 4 is a schematic flow chart of a method for generating a certificate provided in an embodiment of the present application. As shown in fig. 4, the method may include:

s201, carrying out consistency verification on hash values of first electronic data to be uplinked through a preset logic circuit equation.

S202, when the consistency verification is passed, verifying second signature information of the hash value of the first electronic data by adopting a preset second public key and verifying first signature information of the hash value of the first electronic data by adopting a preset first public key respectively.

And S203, when the first signature information and the second signature information are verified to pass, generating a certification file by adopting a zero-knowledge certification tool based on the hash value of the first electronic data, the first signature information, the second signature information, the first public key and the second public key.

In particular, zero knowledge proof is an important technology of cryptography for privacy protection, which can enable a verifier to neither know the specific content of electronic data, nor determine whether the electronic data is valid. When the zero knowledge proof algorithm is adopted to generate the proof file, consistency verification and signature verification can be carried out on the hash value of the first electronic data to be uplinked through a preset logic circuit equation. The consistency verification is mainly to verify whether the hash value of the first electronic data to be uplink signed by both parties is consistent with the hash value of the first electronic data. The signature verification is mainly to verify whether the public keys of the two parties can correctly verify the signature information of the hash value of the first electronic data.

The first client can firstly perform consistency verification on the hash value of the first electronic data to be uplinked through a preset logic circuit equation so as to check whether the hash value to be uplinked signed by both sides is consistent with the hash value of the first electronic data, if so, the consistency verification is passed, and if not, the consistency verification is failed.

When the consistency verification is passed, verifying the second signature information of the hash value of the first electronic data by using a preset first public key and verifying the first signature information of the hash value of the first electronic data by using a preset first public key respectively, and when the first signature information and the second signature information are verified to pass, generating a certification file by using a zero knowledge proof tool based on the hash value of the first electronic data, the first signature information, the second signature information, the first public key and the second public key.

Further, the hash value of the first electronic data may be used as a public Input, the first signature information, the second signature information, the first public key and the second public key may be used as private inputs, the witness file witness may be generated by a computer-witness in the zero knowledge Proof tool, then the setup and a preset logic circuit in the zero knowledge Proof tool may be used to generate the Proof key pk, then the Proof file Proof may be generated based on the witness file witness and the Proof key pk, and the Proof file may be generated by a generateProof (pk, witness) in the zero knowledge Proof tool.

The first client generates the certification file by adopting a zero knowledge certification algorithm, so that the fact that only the hash value of the first electronic data signed by both parties can be stored in the blockchain system is ensured, and when disputes occur, effective certification can be carried out through the certification file, information leakage is avoided, and the originality and the integrity of the data are effectively ensured.

In this step, after the certificate is generated, the certificate and the hash value of the first electronic data may be transmitted to the blockchain system, so that the blockchain system verifies the correctness of the certificate based on the smart contract, and stores the hash value of the first electronic data after verifying the correctness. And then sending a uplink result to the first client, when the uplink result represents that the uplink of the hash value of the first electronic data is successful, acquiring a data node index and a merck tree root corresponding to the hash value of the first electronic data stored in the blockchain system, and then sending the data node index and the merck tree root by the second client so that the second client verifies the validity of the hash value of the first electronic data stored in the blockchain system based on the data node index and the merck tree root.

In this embodiment, only the hash value of the first electronic data is required to be stored in the blockchain system, and the information such as the public keys of the two parties and the like is not required to be stored in the blockchain system, but the public keys of the two parties and the signature information of the two parties are stored in the intelligent contract, so that the identity privacy of the two parties of the data is protected.

Fig. 5 is a flowchart of a method for proving a blockchain provided in an embodiment of the present application, where the method is applied to a second client, as shown in fig. 5, and the method includes:

s301, receiving and responding to an electronic data signing request sent by a first client, and acquiring second electronic data and second signature information, wherein the second electronic data comprises first electronic data, and the second signature information is obtained by signing a hash value of the first electronic data by the first client.

S302, verifying the second signature information by adopting a preset second public key.

And S303, when the verification is passed, sending first signature information and a first public key to the first client, wherein the first signature information is obtained by signing the hash value of the first electronic data by the second client.

Specifically, after creating the second contract data and storing the second contract data in the first database, the first client determines the first electronic data from the second electronic data, determines the hash value of the first electronic data by adopting a hash algorithm, and signs the hash value of the first electronic data by adopting a preset second private key and a first electronic signature to obtain second signature information. And then sending an electronic data signing request to a second client, wherein the electronic data signing request comprises second electronic data, a hash value of the first electronic data and second signature information, the second client receives and responds to the electronic data signing request sent by the first client to acquire the second electronic data and the second signature information, the second electronic data is stored in a second database, then the second signature information is verified by adopting a preset second public key, and the hash value of the first electronic data is signed by adopting a first private key and a second electronic signature to obtain the first signature information.

The second client sends first signature information to the first client, so that the first client verifies the first signature information by adopting a preset first public key, when the verification passes, a zero knowledge proof algorithm is adopted to generate a proof file, and the hash value of the proof file and the first electronic data is sent to the blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the proof file is correct based on the intelligent contract.

In this step, when the uplink of the hash value of the first electronic data is successful, the blockchain system sends the uplink result to the second client, and when the uplink result is characterized as successful, the data node index and the merck tree root sent by the first client are received, and then the validity of the hash value of the first electronic data stored in the blockchain system is verified based on the data node index and the merck tree root. The second client can find the hash value of the first electronic data stored in the blockchain system through the data node index and the merck tree root, compare the hash value of the first electronic data stored in the blockchain system with the hash value of the first electronic data stored in the second database, and represent that the hash value of the first electronic data is successfully stored in the blockchain system when the comparison is consistent; and when the comparison is inconsistent, indicating that the hash value of the first electronic data is not successfully stored in the block chain system.

According to the embodiment, after the signatures of the two parties are verified to be correct, the hash value of the first electronic data is stored, so that the consistency of the two parties of the data is ensured, the hash value of the first electronic data is only required to be stored in the block chain system, the identity privacy of the first client and the second client is protected, information leakage is avoided, and the security of the storage of the first electronic data is improved.

FIG. 6 is a flowchart of a method for proving a blockchain according to an embodiment of the present application, where the method is applied to a blockchain system, as shown in FIG. 6, and the method includes:

s401, receiving a certificate file sent by a first client and a hash value of first electronic data.

S402, verifying the correctness of the certificate based on the intelligent contract, and storing the hash value of the first electronic data when the correctness of the certificate is verified.

Specifically, after the first client generates the proof file by adopting the zero knowledge proof algorithm, the hash value of the proof file and the first electronic data is sent to the blockchain system, and after the hash value of the proof file and the first electronic data is received by the blockchain system, the correctness of the proof file is verified based on the intelligent contract.

It should be noted that, the first client may generate the certification key and the verification key based on the zero knowledge proof tool and the preset logic circuit, where the verification key matches the certification key.

The blockchain system may obtain the verification key sent by the first client, and verify the correctness of the certificate through a first smart contract based on the verification key and the hash value of the first electronic data, where the first smart contract is a verification contract, for example, a Verifier contract. When the verification is correct, the hash value of the first electronic data is stored based on a second smart contract, which is a state contract, for example, a Shield contract.

The method comprises the steps that a Shield contract discloses a calling authority for a data initiator of a first client, and a Verifer contract can only be called in the Shield contract; the Shield contract mainly stores the hash value of the first electronic data into the blockchain system, but before the hash value is stored into the blockchain system, whether the hash value of the first electronic data is valid or not needs to be verified through the verifier contract, and the verification can be realized by verifying the correctness of the certificate; the Verifer contract is mainly used for verifying the validity of the hash value of the first electronic data to be uplinked through a zero knowledge proof algorithm, and the hash value of the first electronic data can be stored into the blockchain system through the Shield contract only when verification is passed.

In this embodiment, only the hash value of the first electronic data needs to be stored in the blockchain, and the identity privacy of both parties of the data can be protected by storing both party signature information, both party public keys and the like in the intelligent contract.

For a clearer description of the present application, please refer to fig. 7, in which a first client is a contract initiator, a second client is a contract contractor, first electronic data is a contract, and second electronic data is contract secret data, the method includes:

s501, the contract initiator creates a contract and stores the contract in a first database.

S502, determining contract secret related data from the contract, and determining a hash value of the contract secret related data by adopting a hash algorithm.

S503, signing the hash value of the contract secret data by adopting a second private key and the first electronic signature to obtain second signature information.

S504, an electronic data signing request is sent to a contract signing party, wherein the electronic data signing request comprises a contract and second signing information.

S505, the contract signing party receives and responds to the electronic data signing request, and the second signing information is verified by adopting a preset second public key.

S506, when verification passes, signing the hash value of the contract secret data by adopting a first private key to obtain first signature information.

S507, the contract signing transmits the first signature information to the contract initiator.

S508, verifying the first signature information by adopting a preset first public key.

S508, when the verification is passed, a zero knowledge proof algorithm is adopted to generate a proof file.

S510, sending the hash value of the certificate and the contract-related data to the blockchain system, so that the blockchain system stores the hash value of the contract-related data after verifying that the certificate is correct based on the intelligent contract.

And S511, after the uplink is successful, sending the data node index and the Merker tree root to the contract signing party.

S512, the contract signing party verifies the validity of the hash value of the stored contract secret data based on the data node index and the Merker tree root.

Specifically, as shown in fig. 8, a first public key and a second public key may be specified in advance by the contract initiator and the contract contractor, where the first public key and the second public key are used to verify signature information of both parties, the contract initiator creates a contract and stores the contract in a first database, the first database is an under-chain private database, then, contract-related data is determined from the contract, a hash value of the contract-related data is determined by adopting a hash algorithm, and the hash value of the contract-related data is signed by adopting the second private key and the first electronic signature to obtain second signature information. And sending an electronic data signing request to the contract signing party through the private channel, wherein the electronic data signing request comprises the contract and second signing information. The contract signing party receives and responds to the electronic data signing request, a preset second public key is adopted to verify the second signature information, when the second signature information passes the verification, the contract is stored in a second database, the second database is an under-chain private database, then the first private key is adopted to sign the hash value of the contract secret data, the first signature information is obtained, and the first signature information is sent to the contract initiating party.

And the contract initiator verifies the first signature information by adopting a preset first public key, and when the verification is passed, a zero knowledge proof module is called to generate a proof file by adopting a zero knowledge proof algorithm. And sending the hash values of the certificate and the contract-related data to the blockchain system to request a chaining operation to the blockchain system, so that the blockchain system verifies the validity of the hash value of the first electronic data to be uplinked based on the verifier contract, and when the verification passes, the hash value of the contract-related data is processed into blocks based on the Shield contract and stored on the blockchain system. And after the uplink is successful, sending an uplink success message to the contract signing party, and verifying the validity of the hash value of the contract secret data stored in the blockchain system.

It should be noted that, the contract initiator may send the data node index and the merck tree root to the contract contractor, and the contract contractor may verify the validity of the hash value of the contract-related data according to the data node index and the merck tree root.

Taking the first electronic data as contract secret data as an example and the second electronic data as a contract as an example, assuming that both contract parties are a contract initiator (buyer) and a contract contractor (provider) respectively, the contract initiator and the contract contractor pre-designate a buyer public key and a provider public key, and define a data structure related to the contract as follows:

In cryptography, a salt (salt) refers to a method of inserting a specific character string into an arbitrary fixed position of a hash content (for example, a password) before hashing, and this method of adding a character string into a hash is called "adding salt". In most cases, the salt is not kept secret, the salt can be a randomly generated string, and the insertion position can also be random. If this hash result needs to be verified in the future (e.g., to verify the user entered password), then the used salt needs to be recorded.

The contract initiator creates a contract PSACConstants, stores the contract PSACConstants in a first database local to the contract initiator, determines contract-related data from the contract, marks the contract-related data as PSACCommittent, and creates a hash value of the contract-related data according to the PSACConstants and the random salt, wherein the hash value of the contract-related data is determined by PSACommitment value =H (publicKeyOfBuyer, publicKeyOfSupplier, dataOfSensitive, erc20ContractAddress, salt) in the following way, and the hash value comprises hash calculation of a buyer public key, a supplier public key, the contract-related data, erc contract-related addresses and salt;

signing the hash value PSACommitment value of the contract-related data by the contract initiator to obtain second signature information, and sending the signed hash value PSACommitment value of the contract-related data and the data such as PSAC Committee, salt and the like to the contract contractor through a secure channel by the contract initiator; after receiving the electronic data signing request sent by the contract initiator, the contract signing party responds to the electronic data signing request, verifies the validity of the second signing information by using a second public key pre-designated by the contract signing party, signs a hash value PSACommitment value of the contract secret data signed by the contract signing party by adopting a first private key after the verification is passed, and sends the signed first signing information to the contract initiator through a private channel.

After receiving a data packet sent by a contract signing party, a contract initiator verifies first signature information sent by the contract signing party through a first public key pre-designated by the contract signing party, generates a certification file according to a zero knowledge proof algorithm after the verification is passed, and sends the certification file to a blockchain system, so that the blockchain system invokes a Verifier contract through a Shield contract to verify the validity of the data, and after the verification is passed, the hash value PSAC Committment. The contract sponsor may send the necessary validation data including, but not limited to, data node index, merkle tree root, etc., to the contract contractor. After receiving the successful uplink message sent by the blockchain, the contract contractor verifies whether the hash value of the contract secret data is correctly stored on the blockchain system based on the data node index and the Merkle tree root.

In this embodiment, the contract double sending completes the valid consensus of the on-chain data, and during the contract execution, either party cannot tamper with or repudiate the validity of the contract content. The hash value of the contract secret-related data is only required to be stored on the blockchain system, and the hash value of the contract, the signatures of the two parties of the contract, the public keys of the two parties and the like are not required to be stored on the blockchain system, but the public keys of the two parties and the signature information are stored in the intelligent contract, so that identity privacy of the two parties of the contract is ensured. The method and the device can effectively verify the originality and the integrity of the electronic contract on the premise of protecting the privacy of the electronic contract.

It should be noted that although the operations of the method of the present invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order or that all of the illustrated operations be performed in order to achieve desirable results. Rather, the steps depicted in the flowcharts may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.

Fig. 9 is a schematic structural diagram of a blockchain certification device according to an embodiment of the present invention. As shown in fig. 9, the apparatus may implement the method shown in fig. 3, and the apparatus may include:

a first sending module 610, configured to send an electronic data subscription request to the second client, where the electronic data subscription request includes first electronic data;

a receiving module 620, configured to receive first signature information corresponding to a hash value of the first electronic data, where the first signature information is sent by the second client;

the verification module 630 is configured to verify the first signature information by using a preset first public key;

a generation module 640, configured to generate a proof file using a zero knowledge proof algorithm when the verification passes;

The second transmitting module 650 is configured to transmit the certificate and the hash value of the first electronic data to the blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on the smart contract.

Optionally, the device is further configured to:

creating second electronic data and storing the second electronic data in a first database;

determining first electronic data from the second electronic data, and determining a hash value of the first electronic data by adopting a hash algorithm;

and signing the hash value of the first electronic data by adopting the second private key and the first electronic signature to obtain second signature information.

Optionally, the generating module 640 is specifically configured to:

consistency verification is carried out on the hash value of the first electronic data to be uplinked through a preset logic circuit equation;

when the consistency verification is passed, verifying second signature information of the hash value of the first electronic data by adopting a preset second public key and verifying first signature information of the hash value of the first electronic data by adopting a preset first public key respectively;

when the first signature information and the second signature information are both verified, a proof file is generated by using a zero-knowledge proof tool based on the hash value of the first electronic data, the first signature information, the second signature information, the first public key and the second public key.

Optionally, the generating module 640 is specifically configured to:

taking the hash value of the first electronic data as public input, taking the first signature information, the second signature information, the first public key and the second public key as private input, and generating a witness file through a zero knowledge proof tool;

generating a proving key by adopting a zero knowledge proving tool and a preset logic circuit;

a certification document is generated based on the witness document and the certification key.

Optionally, the device is further configured to:

receiving a uplink result sent by a block chain system;

when the uplink result represents successful uplink, acquiring a data node index and a merck tree root which are stored in the blockchain system and correspond to the hash value of the first electronic data;

the data node index and the merck tree root are sent to the second client so that the second client verifies the validity of the hash value of the first electronic data stored in the blockchain system based on the data node index and the merck tree root.

Optionally, the device is further configured to:

and sending a verification key to the blockchain system to enable the blockchain system to verify the correctness of the certificate based on the intelligent contract, wherein the verification key is generated by adopting a zero knowledge proof tool and a preset logic circuit.

The blockchain certification device provided in this embodiment may execute the embodiment of the method, and its implementation principle and technical effects are similar, and will not be described herein.

Fig. 10 is a schematic structural diagram of a blockchain certification device according to an embodiment of the present invention. As shown in fig. 10, the apparatus may implement the method shown in fig. 5, and the apparatus may include:

the receiving module 710 is configured to receive and respond to an electronic data signing request sent by the first client, and obtain second electronic data and second signature information, where the second electronic data includes the first electronic data, and the second signature information is obtained by signing a hash value of the first electronic data by the first client;

the verification module 720 is configured to verify the second signature information by using a preset second public key;

and the sending module 730 is configured to send, when the verification passes, first signature information and a first public key to the first client, where the first signature information is obtained by signing the hash value of the first electronic data by the second client.

Optionally, the device is further configured to:

storing the second electronic data in a second database;

and signing the hash value of the first electronic data by adopting the first private key and the second electronic signature to obtain first signature information.

Optionally, the device is further configured to:

receiving a uplink result sent by a block chain system;

when the uplink result represents successful uplink, receiving a data node index and a merck tree root sent by a first client;

based on the data node index and the merck tree root, the validity of the hash value of the first electronic data stored in the blockchain system is verified.

Fig. 11 is a schematic structural diagram of a blockchain certification device according to an embodiment of the present invention. As shown in fig. 10, the apparatus may implement the method shown in fig. 6, and the apparatus may include:

a receiving module 810, configured to receive a certificate sent by a first client and a hash value of first electronic data;

and a storage module 820 for verifying the correctness of the certificate based on the smart contract, and storing the hash value of the first electronic data when the correctness of the certificate is verified.

Optionally, the storage module 820 is specifically configured to:

acquiring a verification key sent by a first client, wherein the verification key is a key corresponding to a certification key generated by adopting a zero knowledge certification tool and a preset logic circuit;

verifying the correctness of the certificate through a first intelligent contract based on the verification key and the hash value of the first electronic data;

When the verification is correct, the hash value of the first electronic data is stored based on the second smart contract.

Optionally, the device is further configured to:

and sending the uplink result to the first client and the second client.

Fig. 12 is a schematic structural diagram of a computer device according to an embodiment of the present invention. As shown in fig. 12, a schematic diagram of a computer system 900 suitable for use in implementing the terminal device of the embodiments of the present application is shown.

As shown in fig. 12, the computer system 900 includes a Central Processing Unit (CPU) 901, which can execute various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. In the RAM903, various programs and data necessary for the operation of the system 900 are also stored. The CPU901, ROM902, and RAM903 are connected to each other through a bus 904. An input/output (I/O) interface 906 is also connected to bus 904.

The following components are connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 906 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 910 so that a computer program read out therefrom is installed into the storage section 908 as needed.

In particular, the processes described above with reference to fig. 2-5 may be implemented as computer software programs according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the methods of fig. 3-6. In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911.

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units or modules described in the embodiments of the present application may be implemented by software, or may be implemented by hardware. The described units or modules may also be provided in a processor, for example, as: a processor includes a first transmitting module, a receiving module, a verification module, a generating module, and a second transmitting module. Wherein the names of the units or modules do not in some cases constitute a limitation of the unit or module itself, for example, the first sending module may also be described as "for sending an electronic data subscription request to the second client, said electronic data subscription request comprising the first electronic data".

As another aspect, the present application also provides a computer-readable medium that may be contained in the electronic device described in the above embodiment; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by one of the electronic devices, cause the electronic device to implement the blockchain certification method as described in the above embodiments.

For example, the electronic device may implement the method as shown in fig. 2: step S101, an electronic data signing request is sent to a second client, wherein the electronic data signing request comprises first electronic data; step S102, receiving first signature information corresponding to the hash value of the first electronic data, which is sent by a second client; step S103, verifying the first signature information by adopting a preset first public key; step S104, when the verification is passed, a zero knowledge proof algorithm is adopted to generate a proof file; step S105, transmitting the certificate and the hash value of the first electronic data to a blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on a smart contract. As another example, the electronic device may implement the various steps shown in fig. 3-5.

It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.

Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc. From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware.

Claims

1. The blockchain certification method is applied to a first client and is characterized by comprising the following steps:

Transmitting the certificate and the hash value of the first electronic data to a blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on an intelligent contract;

wherein, adopt zero knowledge to prove the algorithm and produce the evidence file, including:

when the first signature information and the second signature information are verified to pass, a zero knowledge proof tool is adopted to generate a proof file based on the hash value of the first electronic data, the first signature information, the second signature information, the first public key and the second public key;

generating a proof file using a zero knowledge proof tool based on the hash value of the first electronic data, the first signature information, the second signature information, the first public key, and the second public key, comprising:

2. The method of claim 1, wherein prior to sending the electronic data subscription request to the second client, the method further comprises:

and signing the hash value of the first electronic data by adopting a second private key and the first electronic signature to obtain second signature information.

3. The method of claim 1, wherein after sending the certificate and the hash value of the first electronic data to a blockchain system, the method further comprises:

receiving a uplink result sent by the block chain system;

and sending the data node index and the merck tree root to the second client so that the second client verifies the validity of the hash value of the first electronic data stored in the blockchain system based on the data node index and the merck tree root.

4. The method according to claim 1, wherein the method further comprises:

and sending a verification key to the blockchain system so that the blockchain system verifies the correctness of the certificate based on the intelligent contract, wherein the verification key is generated by adopting a zero-knowledge proving tool and a preset logic circuit.

5. The method according to claim 1, characterized in that it comprises:

6. The method of claim 5, wherein after verifying the second signature information using a second public key, the method further comprises:

storing the second electronic data in a second database;

and signing the hash value of the first electronic data by adopting a first private key and a second electronic signature to obtain first signature information.

7. The method of claim 5, wherein after sending the first signature information to the first client, the method further comprises:

receiving a uplink result sent by the block chain system;

based on the data node index and the merck tree root, verifying validity of a hash value of the first electronic data stored in the blockchain system.

8. The method of claim 1, applied to a blockchain system, comprising:

9. The method of claim 8, wherein verifying the correctness of the document based on the smart contract and storing the hash value of the first electronic data when verifying that the document is correct comprises:

and when the verification is correct, storing the hash value of the first electronic data based on the second intelligent contract.

10. The method of claim 8, wherein after storing the hash value of the first electronic data, the method further comprises:

and sending a uplink result to the first client and the second client.

11. A blockchain certification device, the device comprising:

the second sending module is used for sending the certificate and the hash value of the first electronic data to a blockchain system, so that the blockchain system stores the hash value of the first electronic data after verifying that the certificate is correct based on an intelligent contract;

12. The apparatus of claim 11, wherein the apparatus comprises:

the receiving module is used for receiving and responding to an electronic data signing request sent by a first client, acquiring second electronic data and second signature information, wherein the second electronic data comprises first electronic data, and the second signature information is obtained by signing a hash value of the first electronic data by the first client;

and the sending module is used for sending first signature information to the first client when the verification passes, wherein the first signature information is obtained by signing the hash value of the first electronic data by the second client.

13. The apparatus of claim 11, wherein the apparatus comprises:

and the storage module is used for verifying the correctness of the certificate based on the intelligent contract and storing the hash value of the first electronic data when verifying that the certificate is correct.

14. The blockchain certification system is characterized by comprising a first client, a second client and a blockchain system, wherein the first client is respectively communicated with the second client and the blockchain system, and the second client is communicated with the blockchain system;

the first client is used for sending an electronic data signing request to the second client, receiving first signature information corresponding to a hash value of first electronic data sent by the second client, and verifying the first signature information by adopting a preset first public key; when verification is passed, a zero knowledge proof algorithm is adopted to generate a proof file, and the proof file and the hash value of the first electronic data are sent to the block chain system;

The second client is used for receiving and responding to the electronic data signing request sent by the first client, acquiring second electronic data and second signature information, and verifying the second signature information based on a preset second public key; when the verification is passed, first signature information is sent to the first client;

the block chain system is used for receiving the certification file sent by the first client and the hash value of the first electronic data; verifying the correctness of the certificate based on an intelligent contract, and storing the hash value of the first electronic data when the correctness of the certificate is verified;

15. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-10 when the program is executed by the processor.

16. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any of claims 1-10.